What is HIPAA?
The Health Insurance Portability and Accountability Act of 1996 (Public Law 104-191), also known as HIPAA, was enacted as a Congressional attempt to reform healthcare.
The purpose of the Act is to:
- Improve portability and continuity of health insurance coverage in the group and individual markets;
- Combat waste, fraud, and abuse in health insurance and health care delivery;
- Promote the use of medical savings accounts;
- Improve access to long-term care services and coverage;
- Simplify the administration of health insurance;
- Provide Americans with new rights to control the release of their personal health information;
- Protect the privacy of personal health information maintained by most health care providers, hospitals, health plans and health insurers, and health care clearinghouses;
- Protect against unauthorized use of medical records for employment purposes;
- Establish specific federal penalties if an individual’s right to privacy of health information is violated; and
- Other purposes.
Title I of the HIPAA law deals with health care access, portability, and renewability with the intention of protecting health insurance coverage for workers and their families when they change or lose their jobs. Title II of the law, also known as "Administrative Simplification", deals with preventing health care fraud and abuse.
The "Administrative Simplification" aspect of that law requires the United States Department of Health and Human Services (HHS) to develop standards and requirements for maintenance and transmission of health information that identifies individual patients. These standards are usually referred to as "HIPAA Regulations".
These regulations are designed to:
- Improve the efficiency and effectiveness of the healthcare system by standardizing the interchange of electronic data for specified administrative and financial transactions; and
- Ensure all affected health care related organizations develop both physical and procedural guidelines to protect the security and confidentiality of health information.
Who is Affected?
The new laws affect virtually all health care-related organizations, including health plans, providers, business associates, clearinghouses, federal Medicare and State Medicaid programs, and other state and local government organizations that handle health care information. Every link in the communication chain is affected in some way, including providers and benefits payers that exchange claim and payment data. Electronic processes that are affected by HIPAA include enrollments and eligibility transactions, provider transactions and communications, claim transactions, and remittance advice. Non-compliance can lead to severe civil and criminal penalties.
What are the Regulations?
The Administrative Simplification provision is composed of four parts, each of which has generated a variety of rules and standards. Final and pending rules address transactions and code set standards, privacy and security standards to protect health information, and establish national provider and employer identifiers.
The four parts of Administrative Simplification are:
Electronic Health Transaction Standards - Standards for eight electronic transactions and for code sets. All covered entities must be in compliance with this component by Oct. 16, 2003.
http://aspe.hhs.gov/admnsimp/final/txfinal.pdf
Unique Identifier - Proposes a standard for a National Health Care Provider Identifier, National Employer Identifier and a National Health Plan Identifier. This component is currently in development. The National Individual Identifier has been placed on hold due to citizen concerns. (National Employer Identifier is complete, in CFR 5 31 2003.)
http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=2002_register&docid=02-13616-filled.pdf
Security Rule - Proposes standards for the security of individual health information. The final security rule was published in CFR Friday 2/20/2003.
http://aspe.hhs.gov/admnsimp/FINAL/FR03-8334.pdf
Privacy and Confidentiality Standards - Standards to protect the privacy of individual health information. Covered entities must be in compliance with this component by April 14, 2003.
http://www.hhs.gov/ocr/hipaa/finalreg.html